package com.tianqingwl.gsystem.security.config;

import com.tianqingwl.gsystem.install.filter.InstallFilter;
import com.tianqingwl.gsystem.security.filter.CaptchaValidateFilter;
import com.tianqingwl.gsystem.security.handler.LoginFailJsonHandler;
import com.tianqingwl.gsystem.security.handler.LoginSuccessJsonHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private LoginSuccessJsonHandler loginSuccessJsonHandler;
    @Autowired
    private LoginFailJsonHandler loginFailJsonHandler;
    @Autowired
    private DataSource dataSource;
    @Autowired
    private PersistentTokenRepository persistentTokenRepository;
    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        CaptchaValidateFilter captchaValidateFilter = new CaptchaValidateFilter();
        InstallFilter installFilter = new InstallFilter();
        captchaValidateFilter.setLoginFailJsonHandler(loginFailJsonHandler);
        http
                .addFilterBefore(captchaValidateFilter, UsernamePasswordAuthenticationFilter.class)//验证码过滤器
                .addFilterBefore(installFilter, CaptchaValidateFilter.class)//安装过滤器
                .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
                //.successForwardUrl("/")
                .successForwardUrl("/manage/index.html")
                .successHandler(loginSuccessJsonHandler)
                .failureHandler(loginFailJsonHandler)
                .and()
                    .rememberMe()
                    .tokenRepository(persistentTokenRepository)
                    .tokenValiditySeconds(2*7*24*60*60)
                    .userDetailsService(userDetailsService)
                .and()
                    .authorizeRequests()
                    .antMatchers("/login.html").permitAll()//登录页
                    .antMatchers("/captcha").permitAll()//验证码
                    .antMatchers("/favicon.ico").permitAll()
                    .antMatchers("/layuimini/**").permitAll()//后台静态资源
                    .antMatchers("/default/**").permitAll()//默认模板
                    .antMatchers("/template/**").permitAll()//其他模板静态资源
                    .antMatchers("/upload/**").permitAll()//上传文件
                    .antMatchers("/").permitAll()//前台首页
                    .antMatchers("/*.html").permitAll()//前台文章页
                    .antMatchers("/list/**").permitAll()//前台列表页
                    .antMatchers("/tag/**").permitAll()//前台标签列表页
                    .antMatchers("/error/**").permitAll()//404页面
                    .antMatchers("/install/**").permitAll()//install页面
                    .antMatchers("/test/**").hasIpAddress("127.0.0.1")//本地测试接口
                    .anyRequest().authenticated()//所有请求需要认证
                .and()
                    .headers().frameOptions().disable()//允许iframe
                .and().csrf().disable()
        ;
    }

    /*@Bean
    public LoginSuccessJsonHandler loginSuccessJsonHandler() {
        return new LoginSuccessJsonHandler();
    }*/

    /*@Bean
    public LoginFailJsonHandler loginFailJsonHandler() {
        return new LoginFailJsonHandler();
    }*/

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public PersistentTokenRepository persistentTokenRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        jdbcTokenRepository.setCreateTableOnStartup(false);
        return jdbcTokenRepository;
    }
}
